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REMARKS 

Cl^ms 1, 13, and 15 - 18 have been cancelled herein from the aw>lication witfaoot 
prejudice. Claims 3- 12 have been amended. Qaims 19 -26 have been added. Nonewmaller 
has been introduced wifli these amendment or added claims, \^ch are supported in the 
specification as originally filed Claims 2- 12 and 19 -26 are now in tte application. 

I. Re jection under 35 U.S.C. S102 

Page 2 of the Office Action dated June 21, 2005 (hereinafter, "the Office Action'^ states 
that Claims 1,3-13, and 15 -18are rejected under 35 U.S.C. §102(b) as being anticipated by 
Baddey et al. (U.S. 6;202,066). Claims 1, 13, and 15 - 18 have been cancelled firom the 
plication without pr^udice, rendering the ngecticm moot as to those claims, and Claims 3-12 
are deemed patentable over Baikley m view of the novelty of tfie independent clmms ftom M*ich 
Ifaey depend, as will now be discussed. 

Applicants have provided new independent Claims 19, 23, and 25 to more clearly specify 
limitations of their claimed invention, and respectfully submit tibiat Baikley fails to teach these 
limitations. 

The first limitation of Applicants' independent Claim 19 specifies "^storing, in a security 
repositoiy, a plurality of security obj ects> v^iierein each of the security objects corres?>onds to a 
ai&glgis^^ (see Clakn 19, lines 3-4^ emphasis added). Claixns 23 and 25 are similar. Baridey 
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docs not teach: 

(1) storing security objects in a security tepositoty 

Instead, Barkley simply states lliat his Object Access Types (**OATs'*) are stored 
separately fiom the objects to which they pertain. See, for example, the following citations: 

♦ col. 4, lines 56 - 59. "Hie OATS are thai manipulated as an entity separatE fiom 
the objects ... with vAikh they may be associated."; and 

♦ coL 7, lines 32 - 35, "Hie OATs can be manipulated as independent entities 
separate Stom the objects wi& \siiich they are associated"". 

(2) security objects that each correspond to a sm^role 

Instead, Baridey teadies that his OATs may specify information for more than one 
role. See, for example, the following citatiot^: 

4 cnL 5j linefl 5-14, describing a aomario where "members of a first role ate given 
a first level of acc^ or permis^ons to a first set of files or objects^ while those 
designated to a second tolc are granted a different second level of access to the 
same set of files. An OAT [note, singular: sag OAT] is then created (with 
both sets of pemiissions] ThejQAT [aggitu note singular ^OATjisthen 
assigned (emphasis 3ddsd); 

4 col. 7, lines 4-5, referring to a "list of roles or groiq)s^ (emphasis added) that can 
be associated with an object via a 3-tiq)le used for specifying Barldey^s OATs; 

♦ coL 9, lines 2-3^ staling that a role can be rcmo^vi^Jfoom an OAT (which, by 
hn^Ucatjon, indicates that the OAT contained more than one role); 

♦ coL 12, lines 42 - 45, all of the objects assigned to a gi^fc^ai QAT msy be 
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accessed identically by members of each of the toU^ assigned to that OAT 
(emphasis added); and 
♦ Table I, vfhett each of the cohnms represents a single OAT and each of the rows 
identifies a plurality of roles that may be represented in the OAT* The OAT for 
"accounts'', for example, iciwesents 4 of the 5 roles from the table (i,e,, all CKcept 
"employee")^ as desoribed in the corresponding text at col 1 1, line 63 - col. 12, 
line 32, 

Accordingly, tt can be seen that Barkley does not teach this first limitation of ^dependent 
Claims 19, 23, and 25. 

The second limitation of Applicants' independent Claim 19 is '"specii^ing, in each of the 
security otgects» all permissions granted to the corresponding role, wherein each of the specified 
permissions identifies at least one resource and^ for each resource, at least one action that can 
performed on the resource by sutijects granted the corresponding role, wherein selected ones of 
the resources are identified in the specified permissions of more than <me of the security objects 
and wherein the specified permissions for at least one of the security objects identifies a plurality 
of resources and for each of the plurality of resources, at least one of the actions'". Claims 23 and 
25 are similar. Baiklev does not tmch: 

(1) specifying^ in each of the security objects^ all permissions granted to the 
corresponding role 

Instead, Barkley teaches that permissions for a particular role can be split across 
Serial No. 09/943,618 -11- IUSW920010125US1 
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nOittyzlsOATs. See, for example, the Mo\viiig citations: 

♦ coL 7, lines 53 - 55, stating "changes in the pennissions granted to a particular 
TOle can be iitplemented simply by changing ... the corresponding OAT^** (note, 
plural use of OATs); and 

♦ coL 1?^ Im^c ^ - 40^ gfaititig the members of a giveiiiole may be assigned 
differing permissions ... by being assigned membership in diffimg Q^JV ' 
(emphasis added). 

(^) wherein the specified permissions for at least one of the security objects fdentifies 
a plurality of resoutccg and for each of the plurality of resources, at least one of the actions 

Instead, Barfdey teaches use of tfjpl^ that, for a particular role, specify a single^ 
object or r^uroe (and a pluraUty of actions tticreupon)- See, for example, tihe following 
citations^ 

♦ coL 6, lines 61 - 62, stating *This association can be represented as a 3-tiq>le: 
(role or group; object [note, singular]; {pennltted operaticms on object [note, 
singular]}" 

♦ col. 6, lines 63 - 65, stating "... a user assigned to role „. is auihorized to perform 
opemtion [note, singular] on object and 

♦ coL 6, line 66 - col. 7, line 3, stating that an ^isomorphic** representatiwi of the 3- 
tttple is a form where the role/group and object entries are reversed (again, using 
''object'' in the singular) 

t col. 7, lines 4-6, discussing the iscHnotphic r e p r e senta tion, stating that each 
object", the 3'taple spectfying that object provides a list of roles or pmps for Ihe 
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object 



AccxHdingly» it can be seen that Baikley does not teach this second limitation of 
independent Claixns 19^ 23, and 25. 

Because Baikley fails to tOTch Umitations of their independtao* Claims 19, 23, and 25, 
Applicants lespectfiilly submit that these clcdms are patentable over Barldey as cmrently 
presented. Dependent Claims 3 - 12, 20 -22, 24, and 26 are therefore deemed allov^ 
Baikley 1^ virtue oftiwnovdty of the independent clai^ The Examiner is therefore 
respectfully requested to wi1fadta:w the §102 rejection. 

n. CQffii^Mw 

Applicants respectfully request recons^etation of the pending rejected claims, 
withdmv^al of aJl pr^ently outstanding rqcctions, and allowance of dl reraainhig claims at an 



eadydate. 



Respectfully sulmiitted. 




MarciaL. Doubet 
Attorney for Applicants 
Reg. No. 40,999 



CustomerNumber for Correspondence: 4316S 
Phone: 407-343^7586 
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